Tag

#kernel

2 posts tagged #kernel.

Analysis · May 20, 2026 · Colten Anderson

Lazarus didn't bring a vulnerable driver. They used the one already on every Windows PC.

The standard defense against driver-based kernel attacks is a blocklist of known-bad drivers. CVE-2024-21338 routes around it: the vulnerable driver is appid.sys, the AppLocker component Windows ships by default. You can't blocklist a core part of the OS.
Analysis · May 3, 2026 · Colten Anderson

Copy Fail is a 732-byte root shell. Patch your Linux fleet this week.

CVE-2026-31431 is a deterministic privilege escalation in the Linux kernel affecting versions 4.14 through 6.19. A Python script gives any local user root. Every major distro is affected, containers don't help, and the mitigation is trivial.